Palo Alto Networks Scans Surge 500%, Zero-Day Feared

Cybersecurity firm GreyNoise reported a 500% surge in scanning activity targeting Palo Alto Networks login portals, marking the highest level in three months. The reconnaissance involved over 1,200 IP addresses, with 93% classified as suspicious, originating from various international locations. This activity shares characteristics with recent scanning campaigns against other network hardware, including overlapping tools and infrastructure tied to a specific region. The similarity suggests a potential connection between the operators behind the campaigns. Such significant spikes in scanning can often precede the public disclosure of new zero-day vulnerabilities, prompting close monitoring of the situation.

Latest mentioned: 10-04

Earliest mentioned: 10-04

Sources

thehackernews.com securityaffairs.com

Also Read

PolarEdge ORB Network Unveiled: 25,000 IoT Devices Compromised

XLab has discovered RPX_Client, a new module in the PolarEdge ORB network, which hijacks IoT devices for global proxy operations. The malware, distributed via IP address 111.119.223.196, onboards infected devices into the PolarEdge proxy pool, providing relay services and executing remote commands. Over 25,000 devices have been compromised, primarily network video recorders and routers. The command-and-control infrastructure includes 140 active RPX_Server nodes, using a PolarSSL test certificate and listening on port 55555. The RPX_Client module functions as a relay agent, disguising its process name and maintaining configuration data encrypted via XOR. The malware maintains two persistent C2 channels for registration, proxy services, and remote command execution.

10-31Read more →